RBL - spam blacklists howto

[alexnz]

can someone point me in the direction on how i setup my postfix system with maildir too support the RBL anti-spam blacklist system

thanks,

[sjau]

That is quite simple. You need them to add to the "smtpd_recipient_restrictions" in your main.cf file.

All of mien looks like that:

Code:

smtpd_recipient_restrictions =
        reject_invalid_hostname,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
#       permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/recipient_checks,
        check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
        check_helo_access hash:/etc/postfix/helo_checks,
        check_sender_access hash:/etc/postfix/sender_checks,
        check_client_access hash:/etc/postfix/client_checks,
        check_client_access pcre:/etc/postfix/client_checks.pcre,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rhsbl_client blackhole.securitysage.com,
        reject_rhsbl_sender blackhole.securitysage.com,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client proxies.blackholes.wirehub.net,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dnsbl.njabl.org,
        permit

As you can see in the first part I do some other checks and the RBLs start with that here:

Quote:

reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rhsbl_client blackhole.securitysage.com,
reject_rhsbl_sender blackhole.securitysage.com,
reject_rbl_client relays.ordb.org,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client proxies.blackholes.wirehub.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.njabl.org,

Just add those rbls that you want to use

After you have altered the main.cf restart postfix ^^

[alexnz]

thanks!

ive added the full string too main.cf and restarted postfix with no issues

ive installed rblcheck and rbldnsd using apt-get install - is this all i need too do for RBL blacklists too be added to my server?

thanks!!!

[falko]

Quote:

Originally Posted by alexnz

ive installed rblcheck and rbldnsd using apt-get install - is this all i need too do for RBL blacklists too be added to my server?

You don't need this. Just configure Postfix as outlined above.

[alexnz]

thanks for that falko!

[keybd_user]

Hi Falko,

Quote:

Originally Posted by falko

You don't need this. Just configure Postfix as outlined above.

I have a SuSE 10.1 64bit system.
In this case is this also the only thing necessary to put RBL's to work.

My problem is that I have setup this in main.cf but in my postfix directory I still keep getting an enormous amount of trash mail going to :

/var/spool/postfix/ ...

either the emails are
/deferred
/defer
/bounced (a bit less) or

/active
and
/incomming

At this point I have no user in the system! So I should get 0 emails. This is clearly spam .

Regards,
Pedro

[sjau]

if you want to use some more checks you could also add this:

Code:

        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,

Those are just standards checks on whether the email "appears" to be from a legit site.
In order to see whether you rbls work you can look at your mail.log and see if any of the lists rbls will appear in there.

[keybd_user]

Hi,

Quote:

Originally Posted by sjau

if you want to use some more checks you could also add this:

Code:

        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,

Those are just standards checks on whether the email "appears" to be from a legit site.
In order to see whether you rbls work you can look at your mail.log and see if any of the lists rbls will appear in there.

Thanks,

I did already looked at the mail logs.
and making :
prompt:/ less mail.log | grep blackhole.securitysage.com ... and the others rbnl's

does not return nothing ?!!?

Where can I see if the black lists servers are working?

regards,
Pedro

[keybd_user]

Hi,

Sorry once again.
The RBL's are working!
Just found several:
bl.spamcop.net blocks for certain ip's!
Funny but on 170MB of log no other RBL is invoked
Is it necessary any type of registration for the others ?
They seem free in a first glimpse. ...

Well it escaped me.

Quote:

Originally Posted by sjau

if you want to use some more checks you could also add this:

Code:

        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,

Those are just standards checks on whether the email "appears" to be from a legit site.
In order to see whether you rbls work you can look at your mail.log and see if any of the lists rbls will appear in there.

Your line are allready in your first post. The forced identification of hostname, sender and recipient, (fqdn).

Even like this the problem maintains.
In the mail logs I see a lot of emails sent!
That means postfix is still making relay for some of those emails!
In my server this at this current rate it will be 1,5GB in the end of the month!

Regards,
Pedro

[sjau]

Do you haven an open relay server?